'Printer Bomb' Malware Spread Via Compromised .htaccess Files, Says Symantec
A form of malware that produces junk print jobs has compromised approximately 4,000 websites. On these websites the attacker accessed and modified the .htaccess file, the Apache configuration file that controls access to, and redirection within, a site's directories. In this type of attack the compromised website redirects visitors to a malicious website, and once that site is reached further threats may be downloaded onto the user's computer. This specific attack delivers malware that launches print jobs which waste paper until the printer runs out. The malware used in these attacks has been encrypted to delay analysis and has used different domain names, changing every few months, to avoid being blacklisted.

To prevent these types of attacks, administrators of these websites should regularly check access logs to detect any intrusions. It would also be wise to monitor sites for any unexpected redirects and to keep backups of .htaccess files so they can be compared with the copies on the server. Finally, scanning the website for SQL injection and cross-site scripting (XSS) issues would help close the security holes attackers use to gain access to sites.
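The two checks recommended above, comparing the live .htaccess against a backup and looking for unexpected redirects, can be scripted. The following is an added example written for this digest, not code from Symantec or from the report it summarises. It hashes the file against a stored baseline and flags Redirect/RewriteRule directives whose target host is not one of the site's own hosts. The sample .htaccess contents, the host list and the placeholder domain attacker.invalid are constructed for the demonstration.

```python
"""Baseline and redirect check for Apache .htaccess files (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Directives that can send a visitor elsewhere. Apache treats directive
# names case-insensitively, so the match does too.
REDIRECT_DIRECTIVES = re.compile(
    r"^\s*(Redirect(?:Match|Permanent|Temp)?|RewriteRule)\s+(.*)$",
    re.IGNORECASE | re.MULTILINE,
)
URL_IN_LINE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def sha256_of(text: str) -> str:
    """Hex SHA-256 of the file text; the stored baseline uses the same function."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def external_redirects(htaccess_text: str, own_hosts: set[str]) -> list[str]:
    """Return redirect/rewrite lines whose target host is not one of own_hosts."""
    findings = []
    for match in REDIRECT_DIRECTIVES.finditer(htaccess_text):
        line = match.group(0).strip()
        for url in URL_IN_LINE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            if host not in own_hosts:
                findings.append(line)
                break
    return findings


def check_htaccess(htaccess_text: str, baseline_sha256: str, own_hosts: set[str]) -> dict:
    """Combine both checks: drift from the backed-up copy and external redirects."""
    return {
        "modified": sha256_of(htaccess_text) != baseline_sha256,
        "external_redirects": external_redirects(htaccess_text, own_hosts),
    }


# Constructed sample: the clean file as kept in the administrator's backup.
CLEAN = """\
Options -Indexes
RewriteEngine On
RewriteRule ^old-page$ https://www.example.org/new-page [R=301,L]
ErrorDocument 404 /404.html
"""
BASELINE = sha256_of(CLEAN)

# Constructed tampered copy: an injected rule appended after the legitimate
# ones that sends search-engine referrals to an external host (placeholder
# domain attacker.invalid).
TAMPERED = CLEAN + """\
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\\.)?(google|bing)\\. [NC]
RewriteRule ^.*$ http://attacker.invalid/landing [R=302,L]
"""

OWN_HOSTS = {"www.example.org", "example.org"}

if __name__ == "__main__":
    print(check_htaccess(CLEAN, BASELINE, OWN_HOSTS))
    print(check_htaccess(TAMPERED, BASELINE, OWN_HOSTS))
```

In practice the baseline hash would be computed from the backup copy at deployment time and the check run from cron over every .htaccess under the web root; a hash mismatch with no flagged redirect still deserves a manual diff, since the attacker's change need not be a redirect.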

If the website is nevertheless compromised by one of these attacks, it is necessary to scan computers thoroughly for malware and then change all site passwords. Encrypting passwords and data through a password manager may also increase security for the user.

Researchers Link Sykipot Trojan to Spear-Phishing Attacks

The Sykipot malware is being spread through spear-phishing attacks targeting the aerospace industry. The Sykipot Trojan was first identified targeting a U.S. Department of Defense program used for secure authentication. The original attacks consisted of file-format exploits delivered through spear-phishing e-mails to gain access to systems. Now e-mails are being sent directly to victims containing a malicious link that, once clicked, may exploit vulnerabilities in the user's browser. The malware then tries to fetch a configuration file from a remote server. These downloads specifically exploit vulnerabilities affecting Adobe Flash Player and XML Core Services. The group appears to be attacking US-based servers to install software that serves malicious content or redirects connections to a remote server.

Spear-phishing attacks generally prey on user error. This specific attack relies on the user clicking a link in the e-mail, which could easily be prevented if the user avoids opening suspicious e-mails or clicking such links. Once the malware infects the computer, the stored information is at high risk of being stolen by the attacker. Encrypting passwords and other stored data may make the attacker less successful in obtaining the desired information. Additionally, the user should promptly install the latest security patches and updates from application vendors to ensure all known vulnerabilities are fixed.
